|
|
|
Global Toolbar (top of SmartConsole)
|
Description |
|---|---|
|
The main SmartConsole Menu. When SmartConsole is connected to a Security Management Server, this includes:
|
|
Create new objects or open the Object Explorer |
|
Install policy on managed gateways |
Session Management Toolbar (top of SmartConsole)
|
Description |
|---|---|
|
Discard changes made during the session |
|
Enter session details and see the number of changes made in the session. |
|
Publish changes, to make them visible to other administrators, and ready to install on gateways. Note - When the policy is installed, published changes are installed on the gateways and enforced. |
Navigation Toolbar (left side of SmartConsole)
|
Keyboard Shortcut |
Description |
|---|---|---|
|
Ctrl+1 |
Gateways & Servers configuration view:
|
|
Ctrl+2 |
Security Policies Access Control view:
Security Policies Threat Prevention view:
Shared Policies Views:
|
|
Ctrl+3 |
Logs & Monitor view:
|
|
Ctrl+4 |
Manage & Settings view - review and configure the Security Management Server settings:
|
Command Line Interface Button (left bottom corner of SmartConsole)
|
Keyboard Shortcut |
Description |
|---|---|---|
|
F9 |
Open a command line interface for management scripting and API |
Objects Bar (right side of SmartConsole)
|
Description |
|---|---|
Objects |
Manage security and network objects |
Validations Pane (right side of SmartConsole)
|
Description |
|---|---|
Validations |
See validation errors |
System Information Area (bottom of SmartConsole)
|
Description |
|---|---|
Task List |
See management tasks in progress and expand to see recent tasks |
Server Details |
See the IP address of the server to which SmartConsole is connected. If Management High Availability is configured, click to see the details. |
Session Status |
See the number of changes made in the session and the session status. |
Connected administrators |
See connected administrators: Yourself and others. |
In each view you can search the Security Management Server database for information relevant to the view. For example:
The Access Tools section in the Security Policies Access Control view and the Threat Tools section in the Security Policies Threat Prevention view give you more management and data collection tools.
Access Tools in the Security Policies Access Control view:
Tool |
Description |
|---|---|
VPN Communities |
Create, edit, or delete VPN Communities. |
Updates |
Update the Application and URL Filtering database, schedule updates, and configure updates. |
UserCheck |
Configure UserCheck interaction objects for Access Control policy actions. |
Client Certificates |
Create and distribute client certificates that allow users to authenticate to the Gateway from handheld devices. |
Application Wiki |
Browse to the Check Point AppWiki. Search and filter the Web 2.0 Applications Database, to use Check Point security research in your policy rules for actions on applications, apps, and widgets. |
Installation History |
See the Policy installation history for each Gateway, and who made the changes. See the revisions that were made during each installation, and who made them. Install a specific version of the Policy. |
Threat Tools in the Security Policies Threat Prevention view:
Tool |
Description |
|---|---|
Profiles |
Create, edit, or delete profiles. |
IPS Protections |
Edit IPS protections per profile. |
Protections |
See statistics on different protections |
Whitelist Files |
Configure Whitelist Files list |
Indicators |
Configure indicators of malicious activity and how to handle it |
Updates |
Configure updates to the Malware database, Threat Emulation engine and images, and the IPS database. |
UserCheck |
Configure UserCheck interaction objects for Threat Prevention policy actions. |
Threat Wiki |
Browse to the Check Point ThreatWiki. Search and filter Check Point's Malware Database, to use Check Point security research to block malware before it enters your environment, and to best respond if it does get in. |
Installation History |
See the Policy installation history for each Gateway, and who made the changes. See the revisions that were made during each installation, and who made them. Install a specific version of the Policy. |
The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages.
Shared policies are installed with the Access Control Policy.
Software Blade |
Description |
|---|---|
Mobile Access |
Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile. |
DLP |
Launch Data Loss Prevention policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users. |
Geo Policy |
Create a policy for traffic to or from specific geographical or political locations. |
HTTPS Inspection |
The HTTPS Policy allows the Security Gateway to inspect HTTPS traffic to prevent security risks related to the SSL protocol. The HTTPS Policy shows if HTTPS inspection is enabled on one or more Gateways. To learn more about HTTPS Inspection, see the R80.10 Next Generation Security Gateway Guide. |
Inspection Settings |
You can configure Inspection Settings for the Firewall:
|
You can also configure objects and rules through the API command line interface, which you can access from SmartConsole.
|
Click to open the command line interface. |
|
Click to open the API reference (in the command line interface). Use the Command Line Reference to learn about Session management commands, Host commands, Network commands, and Rule commands. |
In addition to the command line interface, you can create and run API scripts to manage configuration and operations on the Security Management Server.
Objects in SmartConsole represent networks, devices, protocols and resources. SmartConsole divides objects into these categories:
Icon |
Object Type |
Examples |
|---|---|---|
|
Network Objects |
Gateways, hosts, networks, address ranges, dynamic objects, security zones |
|
Services |
Services, Service groups |
|
Custom Applications/Sites |
Applications, Categories, Mobile applications |
|
VPN Communities |
Site to Site or Remote Access communities |
|
Users |
Users, user groups, and user templates |
|
Data Types |
International Bank Account Number - IBAN, HIPAA - Medical Record Number - MRN, Source Code. |
|
Servers |
Trusted Certificate Authorities, RADIUS, TACACS |
|
Time Objects |
Time, Time groups |
|
UserCheck Interactions |
Message windows: Ask, Cancel, Certificate Template, Inform, and Drop |
|
Limit |
Download and upload bandwidth |
You can add, edit, delete, and clone objects. A clone is a copy of the original object, with a different name. You can also replace one object in the Policy with another object.
Note - Do not create two objects with the same name. You will see a validation error when you try to publish. To resolve, change one of the object names.
To work with objects, right-click the object in the object tree or in the Object Explorer, and select the action.
You can delete objects that are not used, and you can find out where an object is used.
To clone an object:
The Clone Object window opens.
To find out where an object is used:
In the object tree or in the Object Explorer, right-click the object and select Where Used.
To replace an object with a different object:
To delete all instances of an object:
Object tags are keywords or labels that you can assign to the network objects or groups of objects for search purposes. These are the types of tags you can assign:
Each tag has a name and a value. The value can be static, or dynamically filled by detection engines.
To add a tag to an object:
The new tag shows to the right of the Add Tag field.
